-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [EMAIL PROTECTED] schrieb: > -DATA_BLOB *get_sd(struct ldb_module *module, TALLOC_CTX *mem_ctx, > - const struct dsdb_class *objectclass) > +static DATA_BLOB *get_sd(struct ldb_module *module, TALLOC_CTX *mem_ctx, > + const struct dsdb_class *objectclass) > { > NTSTATUS status; > DATA_BLOB *linear_sd; > struct auth_session_info *session_info > = ldb_get_opaque(module->ldb, "sessionInfo"); > - struct security_descriptor *sd = sddl_decode(mem_ctx, > - > objectclass->defaultSecurityDescriptor, > - > samdb_domain_sid(module->ldb)); > + struct security_descriptor *sd > + = sddl_decode(mem_ctx, > + objectclass->defaultSecurityDescriptor, > + samdb_domain_sid(module->ldb)); > + > if (!session_info || !session_info->security_token) { > return NULL; > }
what I meant was something like this: struct auth_session_info *session_info; struct dom_sid *domsid; struct security_descriptor *sd; session_info = ldb_get_opaque(module->ldb, "sessionInfo"); if (!session_info || !session_info->security_token) { return NULL; } domsid = samdb_domain_sid(module->ldb); if (!domsid) { return NULL; } sd = sddl_decode(mem_ctx, objectclass->defaultSecurityDescriptor, domsid); if (!sd) { return NULL; } and maybe a more verbose error code than NULL would be good:-) metze -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFGuhfmm70gjA5TCD8RAmQyAKCno4QAeBOXiMpTN3g8TqLeHrt4NQCgqf+o hcuXPTkyHwGAnK+naDM2Yd8= =h6mN -----END PGP SIGNATURE-----